[CentOS] SYD flood dropped on Sendmail (centos 4.x)

Chris Heiner cheiner at networkdesignsinc.net
Thu Nov 20 21:46:06 UTC 2008


I have had that issue before with high traffic users and you are correct,
but I think this may be another issue as the its an off hours issue.


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Les Mikesell
Sent: Thursday, November 20, 2008 12:07 PM
To: CentOS mailing list
Subject: Re: [CentOS] SYD flood dropped on Sendmail (centos 4.x)

Kai Schaetzl wrote:
> Chris Heiner wrote on Thu, 20 Nov 2008 08:48:50 -0800:
>> My firewall seems to block an attack my Centos / Sendmail boxes on port
> port 110 is your POP server, probably dovecot.
>> These servers require a reboot after each attack.
> Because of what?
>> My firewall says it's
>> blocked?
> I don't see this statement in your logs. How/where does it say this?
>> Do I need to patch something on sendmail? Or is my firewall not
>> doing its job (Sonicwall)? This is not the first time this has happened.
> SYN floods are not unusual, even if it is not an attack. 
> What or if you want to do something depends on your situation.

If you have a popular server you can get what appear to be syn floods 
from broken asymmetrical routing or bad firewall settings that permit 
what would ordinarily be a normal number of client connection requests 
to reach you but keep your response from getting back.  So the clients 
sit and retry, hammering you with syn's.

   Les Mikesell
    lesmikesell at gmail.com

CentOS mailing list
CentOS at centos.org

Gateway Anti-Spam Anti-Virus Protection by 
   Network Designs Inc. 949-727-3393 
 For a complete list of services go to 

More information about the CentOS mailing list